package com.dk.shiro;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

//配置shiro需要三个ShiroFilterFactoryBean,DefaultWebSecurityManager,UserRealm,userrealm需要继承AuthorizingRealm
@Configuration
public class ShiroConfig {



    //创建一个ShiroFilterFactoryBean关联DefaultWebSecurityManager
    //可以过滤内容
    @Bean
    public ShiroFilterFactoryBean shiroFilterChainDefinition(@Autowired DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
        Map<String,String> map = new LinkedHashMap<>();
        //anon 可以访问
        //authc 必须登录才可以访问
        //logout 删除当前登录账户
        //perms 确定权限,该账户是否拥有此路径权限
        map.put("/loginController/**","anon");
        map.put("/js/**","anon");
        map.put("/course/list","perms[course_details]");
        map.put("/menuController/treeMenu","perms[E]");
        //配置权限后就会去权限方法里匹配
        map.put("/**","authc");
        shiroFilterFactoryBean.setLoginUrl("/loginController/toLogin");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        //如果权限不足设置跳转页面
        shiroFilterFactoryBean.setUnauthorizedUrl("/loginController/unauthorizedUrl");
        return shiroFilterFactoryBean;
    }



    //创建一个DefaultWebSecurityManager关联userRealm
    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(@Autowired UserRealm userRealm){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        //关联userRealm
        defaultWebSecurityManager.setRealm(userRealm);
        return defaultWebSecurityManager;
    }





    //创建一个rrealm对象,要和DefaultWebSecurityManager关联
    @Bean
    public UserRealm userRealm(@Autowired HashedCredentialsMatcher hashedCredentialsMatcher){
        UserRealm userRealm = new UserRealm();
        userRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        return userRealm;
    }

    //3.5.4.1.在shiroConfig中配置加密方式,要和UserRealm关联
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        //指定加密方式
        credentialsMatcher.setHashAlgorithmName("MD5");
        //加密次数
        credentialsMatcher.setHashIterations(3);
        //编码格式
        credentialsMatcher.setStoredCredentialsHexEncoded(true);
        return credentialsMatcher;
    }
    //配置ShiroDialect,配合thymeleaf和shiro标签使用,需要导入依赖
    @Bean
    public ShiroDialect shiroDialect(){
        return new ShiroDialect();
    }
}
